Attribute-based access control (ABAC) is an authorization technique that allows you to define fine-grained permissions based on user factors like department, job title, and team name. User attributes make permissions more intuitive and simplify the administrative process of managing access. By specifying permissions with attributes, you can reduce the number of separate permissions required to create fine-grained controls in your AWS account.
Attribute-Based Access Control for Amazon DynamoDB is now available in limited preview in the US East (Ohio), US East (Virginia), and US West (N. California) Regions. To request access to the limited preview, visit the preview page.
Use cases
- Grant developers and workloads read and write access to only their project resources.
Solution: When you base permissions on user attributes, you can ensure that developers and workloads only have read and write access to resources related to their projects. If the attributes of developers or workloads match those of project resources, they are granted access. Otherwise, they are rejected. For example, you can assign two developers from different teams, Alejandro and Mary, to the same IAM role and then use the team name property to manage access. When Alejandro and Mary check in to AWS, their identity provider (IdP) transmits their team name as an attribute in the AWS session, and they are only permitted access to their team's project resources, as indicated by the tags on those resources.
As you create new resource permission and new secrets and application have automatically access, to all secrets tag and product tag.
This are the tag Governance, Tags are for access control
Configure AWS tags and keys
Create secrets that are tagged with the project tag
Top comments (0)